package com.wx.bootsecurity.service.impl;

import com.wx.bootsecurity.service.MyService;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.stereotype.Service;

import javax.servlet.http.HttpServletRequest;
import java.util.Collection;

/**
 * @Author: aerfazhe
 * @Date: 2021/7/23 10:04
 * @Statement: 结合access实现自定义权限访问控制
 */
@Service
public class MyServiceImpl implements MyService {

    @Override
    public boolean hasPermission(HttpServletRequest request, Authentication authentication) {
        Object o = authentication.getPrincipal();
        if (o instanceof UserDetails) {
            UserDetails userDetails = (UserDetails) o;
//            获取权限
            Collection<? extends GrantedAuthority> authorities = userDetails.getAuthorities();
//            匹配看是否具有对应的url
            return authorities.contains(request.getRequestURI());
        }
        return false;
    }
}
